Tuesday, August 02, 2016

Becoming an infosec con speaker, Part 2

Back April, I wrote about speaking at my first BSides, the BSides Charm conference in Baltimore. In there, I discussed getting selected for the awesome BSidesLV Proving Ground program, which pairs newbie speakers with mentors.

My BSidesLV talk was just this afternoon, so while it's still fresh in my mind I wanted to write up a little bit about how the talk came together.  My submission was on the same general topic as the BSides Charm, so we started with that slide deck as a starting point.


Security Vulnerabilities, the Current State of Consumer Protection Law, & how IOT Might Change It





For this one, though, I'd put in "I think IOT will change software liability" and so we chose to really push that more than the vulnerability disclosure/failure to warn angle.

The experience of having another person to work through a talk with was incredibly helpful, and I can't recommend this enough. Being able to get feedback on questions like "I don't know what to do with my hands during the talk" to tips like "no full sentences on the slides" (if you view my slides you'll see I actually ended up breaking this one). Here are some notes from one of our discussion:

* front load more of the idea? Start with a story…. get comfortable with delivery
* no full sentences in the presenter notes

1. print out slides, write one or two things on the slide to refer
  * distill what to get out of the slide
2.  imagine the situation, and what would happen?
** context setting


Looking at this now, some of this seems obvious, but it helped to make me realize I wasn't doing those obvious things, and helped to frame the talk. Starting with a story... I was like yes, I have done that in almost every legal paper I've written. Why aren't I doing that here?

The big point in developing the talk for me came in mid-July. I had a set of slides that I was mostly OK with. I did a dry run over Hangouts, and I got... stuck about 3/4 of the way through the talk. I had to restart. It wasn't flowing, I wasn't setting up points I wanted to make later, I meandered. It was painful.

So I enlisted a stuffed animal. I pulled up those slides & tried to give the talk again and again, to my little stuffed fox:



I got stuck, again. So I pulled out a paper notebook, and made a bubble flow chart of what the big ideas should be, and how they would flow. This was really, really, really, really hard. I was sitting there going "I don't know what I'm doing as a speaker and why won't this work."

I started thinking of the spots I got stuck as pivot points, where the talk had to transition into a new idea. My problem was that I wasn't realizing that I had to do those pivots, didn't think about setting up the next section of the talk until I landed on a slide, and had to pick up the threads.

Here is where mentors are awesome: my mentor had pointed out that I needed to signal these transition points, and we had sort of talked about showing it on the slides. On powerpoint's presentation view (which is fabulous!) you can see the next slide coming up. So I made a slide with very little text for each transition and I colored those transition point slides solid purple, so that it would be visible in my peripheral vision when I glanced down at the screen. Just having that solid purple coming up was a reminder that I had to start framing the next section. That one change made the talk flow so much better.

Since this was a legal talk for an infosec audience, trying to get the right level of legal terminology explained without descending into jargon was important, as was getting across the background information. This audience wouldn't have a 1L law school background. Tort law and strict liability are important to software liability, but mean nothing to someone without a legal education. Having a mentor remind me to figure out how to explain those concepts in one sentence was really helpful.

My slides are online now; the talk was recorded, but I'm not sure when it will be online. I actually don't remember much about giving it- I do sort of remember missing some things that I'd wanted to say, but since each time through was slightly different, that was really just going to happen. I don't think that I could give an overly rehearsed talk, because I'd just be reading off the speaker notes, and it would probably be kind of flat. I had phrases in my speaker notes that were "big idea to get across here" but I didn't look at them as much as I thought I was going to.

So, that was how my talk came together. It was really fun, and I'm so grateful for the opportunity to work with a mentor on this talk, and for the chance to come to Las Vegas in August and speak at one of these conferences. Last August was my first time attending, when I got an academic sponsorship to Black Hat. Never in a million years did I think I'd be back the next year as a speaker. Thank you BSides Proving Ground for that chance!